Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:

1. Enter a phone number and/or email address

2. Enter a verification code that is to be sent via email or text.

What is the recommended approach to fulfill this requirement?

A.

Create a Login Discovery page and provide a Login Discovery Handler Apex class.

B.

Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.

C.

Create an Authentication provider and implement a self-registration handler class.

D.

Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Full Access
Question # 5

Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

A.

Financial System

B.

Pingfederate

C.

Salesforce Org 2

D.

Salesforce Org 1

Full Access
Question # 6

Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

A.

Modify the communitiesselfregcontroller to assign the profile and account.

B.

Modify the selfregistration trigger to assign profile and account.

C.

Configure registration for communities to use a custom visualforce page.

D.

Configure registration for communities to use a custom apex controller.

Full Access
Question # 7

Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.

Which two recommendations should an identity architect make to fulfill this requirement?

Choose 2 answers

A.

Add customers as contacts and add them to Experience Cloud site.

B.

Enable Welcome emails while configuring the Experience Cloud site.

C.

Allow Password reset using the API to update Experience Cloud site membership.

D.

Use Login Flows to allow users to reset password in Experience Cloud site.

Full Access
Question # 8

Universal containers (UC) has a classified information system that it's call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

A.

Use a custom connected App handler using apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.

B.

Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "classified" case, and remove it when the case is closed.

C.

Use custom SAML jit provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system

D.

Use salesforce reports to identify users that currently owns open "classified" cases and should be granted access to the classified information system.

Full Access
Question # 9

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.

How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

A.

Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.

B.

Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.

C.

Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

D.

Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

Full Access
Question # 10

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

A.

Id

B.

Web

C.

Api

D.

Custom_permissions

Full Access
Question # 11

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

A.

The Self-signed Certificates from the Certificate & Key Management menu.

B.

The default client Certificate from the Develop--> API menu.

C.

The default client Certificate or the Certificate and Key Management menu.

D.

The CA-signed Certificate from the Certificate and Key Management Menu.

Full Access
Question # 12

Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.

NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.

What role does identity Connect play in the outlined requirements?

A.

Service Provider

B.

Single Sign-On

C.

Identity Provider

D.

User Management

Full Access
Question # 13

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

A.

Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

B.

Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

C.

Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

D.

Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

Full Access
Question # 14

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

A.

User Provisioning for Connected Apps does not support role sync.

B.

Required operation(s) was not mapped in User Provisioning Settings.

C.

The Approval queue for User Provisioning Requests is unmonitored.

D.

Salesforce roles have more than three levels in the role hierarchy.

Full Access
Question # 15

Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.

Which three steps should an identity architect take to implement social sign-on?

Choose 3 answers

A.

Register both Facebook and Linkedln as connected apps.

B.

Create authentication providers for both Facebook and Linkedln.

C.

Check "Facebook" and "Linkedln" under Login Page Setup.

D.

Enable "Federated Single Sign-On Using SAML".

E.

Update the default registration handlers to create and update users.

Full Access
Question # 16

Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

A.

Use Active Directory with Reverse Proxy as the Identity Provider.

B.

Use Microsoft Access control Service as the Authentication provider.

C.

Use Active Directory Federation Service (ADFS) as the Identity Provider.

D.

Use Salesforce Identity Connect as the Identity Provider.

Full Access
Question # 17

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.

NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.

What should an Identity architect do to fulfill the requirement?

A.

Configure an authentication provider for Social Login using Google and a custom registration handler.

B.

Implement a Just-in-Time handler class that has logic to create cases upon first login.

C.

Create an authentication provider for Social Login using Google and leverage standard registration handler.

D.

Implement a login flow with a record create component for Case.

Full Access
Question # 18

Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

A.

Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.

B.

Create an apex scheduled job in one org that will synchronize the other orgs profile.

C.

Implement Delegated Authentication that will update the user profiles as necessary.

D.

Implement an Oauthjwt flow to pass the profile credentials between systems.

Full Access
Question # 19

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.

How can the Architect meet these requirements?

A.

Use a Salesforce Login Flow to call out to a web service and create the user on the fly.

B.

Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.

C.

Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.

D.

Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

Full Access
Question # 20

A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.

What is recommended to ensure these requirements are met ?

A.

Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.

B.

Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.

C.

Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.

D.

Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-

Full Access
Question # 21

A financial enterprise is planning to set up a user authentication mechanism to login to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP webservice.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A.

OAuth Web-Server Flow

B.

Identity Connect

C.

Delegated Authentication

D.

Just-in-Time Provisioning

Full Access
Question # 22

Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.

Which two options should an identity architect recommend to meet the requirement?

Choose 2 answers

A.

Active Directory Password Sync Plugin

B.

Configure Cloud Provider Load Balancer

C.

Salesforce Trigger & Field on Contact Object

D.

Salesforce Identity Connect

Full Access
Question # 23

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

A.

Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

B.

Build an integration that queries LDAP periodically and creates new active users in Salesforce.

C.

Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

D.

Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at

first login.

Full Access
Question # 24

A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.

Which Salesforce feature should be used to debug the issue?

A.

Apex Exception Email

B.

View Setup Audit Trail

C.

Debug Logs

D.

Login History

Full Access
Question # 25

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?

A.

Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

B.

Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

C.

Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time

(JIT) provisioning.

D.

Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

Full Access
Question # 26

A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

1. User Authenticates and Authorizes Access

2. Request an Access Token

3. Salesforce Grants an Access Token

4. Request an Authorization Code

5. Salesforce Grants Authorization Code

What is the correct sequence for the authorization flow?

A.

1, 4, 5, 2, 3

B.

4, 1, 5, 2, 3

C.

2, 1, 3, 4, 5

D.

4,5,2, 3, 1

Full Access
Question # 27

Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

A.

Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

B.

Use information in the Signed Request that is received from Facebook.

C.

Develop a scheduled job that calls out to Facebook on a nightly basis.

D.

Use the updateUser() method on the Registration Handler class.

Full Access
Question # 28

which three are features of federated Single Sign-on solutions? Choose 3 answers

A.

It federates credentials control to authorized applications.

B.

It establishes trust between Identity store and service provider.

C.

It solves all identity and access management problems.

D.

It improves affiliated applications adoption rates.

E.

It enables quick and easy provisioning and deactivating of users.

Full Access
Question # 29

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.

What should an identity architect do to fulfill this requirement?

A.

Contact Salesforce Support and enable delegate single sign-on.

B.

Create a custom external authentication provider.

C.

Use certificate-based authentication.

D.

Configure OpenID Connect authentication provider.

Full Access
Question # 30

Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.

NTO has asked an identity architect to identify which salesforce security configurations can map to AD permissions.

Which three Salesforce permissions are available to map to AD permissions?

Choose 3 answers

A.

Public Groups

B.

Field-Level Security

C.

Roles

D.

Sharing Rules

E.

Profiles and Permission Sets

Full Access
Question # 31

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

A.

Add each connected App to the App Launcher with a Start URL.

B.

Set up an Auth Provider for each External Application.

C.

Set up Salesforce as a SAML Idp with My Domain.

D.

Set up Identity Connect to Synchronize user data.

E.

Create a Connected App for each external application.

Full Access
Question # 32

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

Which three functions meet the Salesforce criteria for secure mfa?

Choose 3 answers

A.

username and password + SMS passcode

B.

Username and password + secunty key

C.

Third-party single sign-on with Mobile Authenticator app

D.

Certificate-based Authentication

E.

Lightning Login

Full Access
Question # 33

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.

Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?

Choose 2 answers

A.

Identity Connect

B.

Delegated Authentication

C.

Connected Apps

D.

Embedded Login

Full Access
Question # 34

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

A.

Customer Community license

B.

Identity license

C.

Customer Community Plus license

D.

External Identity license

Full Access
Question # 35

What item should an Architect consider when designing a Delegated Authentication implementation?

A.

The Web service should be secured with TLS using Salesforce trusted certificates.

B.

The Web service should be able to accept one to four input method parameters.

C.

The web service should use the Salesforce Federation ID to identify the user.

D.

The Web service should implement a custom password decryption method.

Full Access
Question # 36

Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

A.

Redirect_uri

B.

State

C.

Scope

D.

Callback_uri

Full Access
Question # 37

An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).

Mow can end users change their password?

A.

Users once logged In, can go to the Change Password screen in Salesforce.

B.

Users can click on the "Forgot your Password" link on the Salesforce.com login page.

C.

Users can request the Salesforce Admin to reset their password.

D.

Users can change it on the enterprise LDAP authentication portal.

Full Access